[PATCH v2 1/1] gss-api: expose gss major/minor error in authgss_refresh()

Olga Kornievskaia <olga.kornievskaia@xxxxxxxxx> · Wed, 4 Oct 2023 13:32:36 -0400

From: Olga Kornievskaia <kolga@xxxxxxxxxx>

When the client calls into the libtirpc to establish security
context, the errors that occurred are squashed. Instead, extend
authgss_refresh to propagate back the gss major/minor error
codes to the caller.

--- v2 fix a compiler warning reported by Steve Dickson

Signed-off-by: Olga Kornievskaia <kolga@xxxxxxxxxx>
---
 src/auth_gss.c       | 14 ++++++++------
 tirpc/rpc/auth_gss.h |  2 ++
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/auth_gss.c b/src/auth_gss.c
index e317664..3127b92 100644
--- a/src/auth_gss.c
+++ b/src/auth_gss.c
@@ -184,6 +184,7 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
 	AUTH			*auth, *save_auth;
 	struct rpc_gss_data	*gd;
 	OM_uint32		min_stat = 0;
+	rpc_gss_options_ret_t	ret;
 
 	gss_log_debug("in authgss_create()");
 
@@ -229,8 +230,12 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
 	save_auth = clnt->cl_auth;
 	clnt->cl_auth = auth;
 
-	if (!authgss_refresh(auth, NULL))
+	memset(&ret, 0, sizeof(rpc_gss_options_ret_t));
+	if (!authgss_refresh(auth, &ret)) {
 		auth = NULL;
+		sec->major_status = ret.major_status;
+		sec->minor_status = ret.minor_status;
+	}
 	else
 		authgss_auth_get(auth); /* Reference for caller */
 
@@ -619,12 +624,9 @@ _rpc_gss_refresh(AUTH *auth, rpc_gss_options_ret_t *options_ret)
 }
 
 static bool_t
-authgss_refresh(AUTH *auth, void *dummy)
+authgss_refresh(AUTH *auth, void *ret)
 {
-	rpc_gss_options_ret_t ret;
-
-	memset(&ret, 0, sizeof(ret));
-	return _rpc_gss_refresh(auth, &ret);
+	return _rpc_gss_refresh(auth, (rpc_gss_options_ret_t *)ret);
 }
 
 bool_t
diff --git a/tirpc/rpc/auth_gss.h b/tirpc/rpc/auth_gss.h
index f2af6e9..a530d42 100644
--- a/tirpc/rpc/auth_gss.h
+++ b/tirpc/rpc/auth_gss.h
@@ -64,6 +64,8 @@ struct rpc_gss_sec {
 	rpc_gss_svc_t	svc;		/* service */
 	gss_cred_id_t	cred;		/* cred handle */
 	u_int		req_flags;	/* req flags for init_sec_context */
+	int		major_status;
+	int		minor_status;
 };
 
 /* Private data required for kernel implementation */
-- 
2.39.1







